Medusa ransomware gang claims data breach of Toyota Financial Services in Germany
Hacking group posts proof-of-hack details, including passports, alongside un-hashed passwords.
A ransomware gang is claiming to have exfiltrated a trove of sensitive data from Toyota Financial Services in Germany.
The Medusa gang made the claim on its leak site today (16 November), posting screenshots of several documents to prove the hack is real, alongside a file tree of all the data exfiltrated.
Included in the files are a number of financial documents, numerous spreadsheets, what looks to be payment and refinancing plans, and scans of a Serbian passport.
In particular, one of the documents includes usernames and un-hashed passwords for several production and development environments, including remote desktop details, SQL servers, and metadata repositories. Access key IDs and secret access keys are also included.
Medusa has also included a brief description of the hack.
“Toyota Motor Corporation is a Japanese multinational automotive manufacturer headquartered in Toyota City, Aichi, Japan,” Medusa’s leak site said. “Toyota is one of the largest automobile manufacturers in the world, producing about 10 million vehicles per year.
“The leaked data is from Toyota Financial Services in Germany. Toyota Deutschland GmbH is an affiliated company held by Toyota Motor Europe (TME) in Brussels/Belgium and located in Köln (Cologne).”
The leak site also includes a countdown to when the data will be published completely, in 10 days on 26 November.
Medusa has also published its ransom demand – an impressive US$8 million to either delete the data wholesale or to purchase it and download it immediately. For US$10,000 a day, the gang will extend the deadline by 24 hours.
The file tree of the leak seems to have a large amount of data, including 52 separate backup files, each just over four gigabytes in size. In a folder called Vault, there is a list of files called trustee_quota.export. A folder labelled Personal has a large number of PDF scans of various documents that appear to be work orders and commissions, as well as several passport scans.
There are 10 folders in total and hundreds of gigabytes of data listed.
Cyber Daily has reached out to Toyota Europe for comment.